# HG changeset patch # User Lennard de Rijk # Date 1239093718 0 # Node ID 9a2c9354468ca49cda3c0b7db75b40318f34b194 # Parent dfe684de7f925c87b2b9d2e042985189edfcd1af Added 2 new access checks to deal with StudentProjects. In preparation for the view updates regarding StudentProject. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed diff -r dfe684de7f92 -r 9a2c9354468c app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Tue Apr 07 08:40:51 2009 +0000 +++ b/app/soc/views/helper/access.py Tue Apr 07 08:41:58 2009 +0000 @@ -51,6 +51,7 @@ from soc.logic.models.site import logic as site_logic from soc.logic.models.sponsor import logic as sponsor_logic from soc.logic.models.student import logic as student_logic +from soc.logic.models.student_project import logic as student_project_logic from soc.logic.models.student_proposal import logic as student_proposal_logic from soc.logic.models.timeline import logic as timeline_logic from soc.logic.models.user import logic as user_logic @@ -1373,6 +1374,51 @@ return @allowDeveloper + def checkIsMyStudentProject(self, django_args): + """Checks whether the project belongs to the current user. + + Args: + django_args: a dictionary with django's arguments + + Raises: + AccessViolationResponse: + - If there is no project found + - If the project does not belong to the current user + """ + + self.checkIsUser() + + project_entity = student_project_logic.getFromKeyFieldsOr404(django_args) + + if project_entity.student.user.key() != self.user.key(): + raise out_of_band.AccessViolation( + message_fmt=DEF_NOT_YOUR_ENTITY_MSG) + + return + + @allowDeveloper + def checkStudentProjectHasStatus(self, django_args, allowed_status): + """Checks whether the Project has one of the given statusses. + + Args: + django_args: a dictionary with django's arguments + allowed_status: list with the allowed statusses for the entity + + Raises: + AccessViolationResponse: + - If there is no project found + - If the project is not in the requested status + """ + + project_entity = student_project_logic.getFromKeyFieldsOr404(django_args) + + if not project_entity.status in allowed_status: + raise out_of_band.AccessViolation( + message_fmt=DEF_NO_ACTIVE_ENTITY_MSG) + + return + + @allowDeveloper def checkIsMyEntity(self, django_args, logic, field_name='user', user=False): """Checks whether the entity belongs to the user.